SAML authenticator major update
From day zero, the Unity SAML authenticator and SAML authentication suffered from a sub-optimal implementation approach. It was completely invisible in small setups, but caused severe trouble when used with large federations. In this release we made a major step forward in this area:
- the new implementation reduced memory consumption on large setups by two orders of magnitude (or more), eliminating OOM problems you could experience,
- metadata parsing and reloading is significantly faster,
- our code is better tested and finally open for implementing the list of small improvements that had been blocked for a long time.
We are still not at the end of the SAML implementation revamp. In the next release we plan to align the SAML IdP implementation with the same architecture of metadata and configuration handling, to address smaller issues of slowly loading console configuration screens, and to improve performance even more.
SCIM read-only endpoint
Unity ships the first version of the SCIM endpoint implementation. It is a read-only subset of the SCIM API with a few simplifications, but it already offers endless usage possibilities by means of configurable schema creation and mapping. You can configure a customized presentation of your Unity directory contents and expose it with a custom SCIM schema.
Not only simple, single-valued attributes are supported, but also multi-valued and complex ones.
Console attribute editor & string attributes editing
A small but frequently requested feature was better control over how a string-typed attribute is edited. This is now controlled by the Unity admin, who can select whether to use a default text field or a text area. So far this decision was made automatically, based on the maximum allowed size of an attribute value.
That’s not all: we also changed how the console attribute editor looks. It is lightweight, makes better use of screen space and allows for focusing on the task.
Fast REST APIs
Two new REST API resources were added, which allow for speed-optimized queries in two special but popular cases:
- When the caller is only interested in direct or global attributes. In this case dynamic attributes from group attribute statements are not included, which brings a significant speedup.
- When the caller is interested in selected attributes only. This resource reduces the amount of transferred data and also allows for optimization in the case of direct attributes.
Version information in console
It is now possible to check which version is running in your production environment by visiting the About page in the Admin Console.
Factors used in authentication in Output profile
The output profile MVEL context now has access to new variables, which expose information on whether MFA was used and which authenticators were used to authenticate the user’s session.
Upgrade from 3.8
This release performs a database update, so taking the usual care to back up the database before the update is advised.
No configuration changes are required.